Alerts

Overview

Alerts are designed to notify you when recent leads or signups have an increase in risk.
If data is added to a blacklist that matches your data, E-HAWK will automatically send an email so you can quickly
review the user, revet them if you wish, and take any necessary actions. Alert Emails are sent every six hours with all alerts during that time frame. If you do not want email alerts, you can use the Alert API that you can call anytime to get Alert data.

Settings and Reporting

Alert settings are configured in the Reporting Portal.
You can select alert data types as well as set a scoring threshold that filters only high impact scoring changes based on your
custom scoring profile.
In addition, recent alerts can be viewed in the portal Alert tab.

In the settings area you can configure an email address for Alert notices,
Alert Type (Email or API), score threshold, and what data points to monitor.

Alerts can be sent via Email or by calling the Alert API, but not both.

Alert Data and Format

Alerts contain the following data and are delivered in JSON format.

transaction_id

transaction ID of vet

type

The type that hit the alert such as IP, Email, Phone, etc

value

The value that hit the alert

reason

The reason hit for the alert such as Phishing.

transaction_score

The Risk Score of the vet

alert_score_impact

the change or impact of the new risk hit based on your scoring profile

estimated_new_score

An estimate of the new vet score based on the new risk hit

username

username value sent in vet. This should be your unique system user ID

transaction_fingerprint

The Talon fingerprint of the vet

transaction_date

The timestamp of the vet (UTC)

alert_date

The timestamp the Alert was created (UTC)

The JSON format is:

transaction_idstring

typestring

valuestring

reasonstring

transaction_scorestring

alert_score_impactstring

estimated_new_scorestring

usernamestring

transaction_fingerprintstring

transaction_datestring

alert_datestring

Email Alerts

Email Alerts are sent every six hours to your configured Alert email address and contain a list of all issues during that period.
The emails show data for each Alert and contain JSON data at the end for back-end processing.

Subject: E-HAWK Alert - 2016-04-01 04:00:00

The following transactions(s) have been tagged with new information.
You may want to review or revet the user(s) as their risk score has changed.
At the bottom of this email are alerts in JSON format for back-end processing.

Alert API

To get Alerts via an API call (either POST or GET), use the following:

https://feed-api.e-hawk.net/apikey/alert/function/

Where function value is list to get all new, undelivered Alerts, and mark undelivered as "sent".
As a backup you can also call list24 to view all Alerts within the last 24 hours, but this does not mark any as "sent" and will keep unsent tags in the portal.

The response will be a JSON string with each Alert in a new sub JSON string. The Alert JSON contains the Vet Transaction ID and all the data for the Alert. As an example: